Wednesday, September 19, 2007
Monday, September 17, 2007
Useful advice from American Greetings Re: phishing
The good news is that there are quick and easy ways to protect yourself from these fraudulent emails. First, you can choose not to click on any links within an email if you have any suspicion that the ecard email you received is fake. Instead, users can always go directly to the official website URL of the stated ecard provider (e.g., www.americangreetings.com) to safely pick up and view the ecard sent to them. This requires no clicking on suspicious email links.
In addition, we have made some significant changes to our ecard notification email and pickup practices, all in the spirit of making legitimate ecards easy to detect and view. Please read below for more information on our recent changes.
What's new?
- AmericanGreetings.com has changed the format of all ecard notification emails sent to ecard recipients. Now legitimate ecard notification emails from us will have all of the following attributes:
  - The "from" will always show "Ecard from AmericanGreetings.com" as the display name and ecards@americangreetings.com as the email address. Make sure you check both the display name and email address of the email. It should appear as the following: "Ecard from AmericanGreetings.com"
  - The subject line will always include the name of the individual sending the ecard. Make sure you recognize the individual in the subject line before clicking on any links. It should appear as the following: "John Smith has sent you an ecard from AmericanGreetings.com" ("John Smith" is the individual sending the ecard to you).
  - The email message will include the name and email address of the sender. Make sure you recognize the individual in the email message before clicking on any links.
- We have made it easier to find the ecard pickup area on our site, so you can quickly and safely view your greeting without clicking on any email links. On AmericanGreetings.com, it is now located in the upper right-hand corner of the homepage (americangreetings.com)
- We have created this informational portal to help you navigate through your issues and questions related to email security. Stay tuned for future updates!
More about the recent phishing attack
A wide variety of websites and brands have been affected. While the subject line of the malicious ecard email tends to be generic, such as "You've received an ecard from a class-mate!" or "You've received a postcard from a family member," more recent examples include brand-specific messaging such as "Worshipper sent you a postcard from americangreetings.com." Also, the pickup link within a malicious ecard email is most likely to be an IP address, such as 127.0.0.1. This is very different from the pickup link typically used by a legitimate ecard sender, which starts with the host name (e.g., americangreetings.com) and not a series of numbers.
As of August 23rd, we have started observing fake emails where the link shows a host name (e.g., http://www.americangreetings.com) but the actual link goes to an IP address instead of americangreetings.com. To see whether a link points to an IP address, hover over it with your cursor. If the URL you see when hovering over the link contains a series of numbers, such as http://89.678.999.12, it is not a legitimate link and you should not click on it.
What people should do when they receive an ecard email claiming to be from AmericanGreetings.com:
- First and foremost, if there is any suspicion that you have received a fraudulent ecard email, do not click on any link.
- If you have any doubt about who the email is from, manually type in www.americangreetings.com after the http:// found in your Internet browser.
- Then find the ecard pickup link (ours is found in the upper right-hand corner of our homepage: www.americangreetings.com) to safely view your ecard.
How to tell the difference between good emails and bad emails
After reviewing the table below, you should be able to tell at a quick glance the difference between legitimate ecard email notifications and emails not from us. However, we still recommend that you manually type in www.americangreetings.com after the http:// found in your Internet browser to view your ecard to ensure complete safety.
| | AmericanGreetings.com Ecard Emails | Fake Ecard Emails |
|---|---|---|
| Subject Line | (Sender's name) has sent you an ecard from AmericanGreetings.com. Reminders to pickup your ecard will have the following subject lines: | Subject line varies. Examples include: |
| "From" | Ecard from AmericanGreetings.com [ecards@americangreetings.com] | "From" varies. Examples include: |
| Email Message | The sender's name and email address is always in the body of the email. You should personally recognize this individual before engaging further in the email. | May or may not include random individual's name and email address. |
| Links in Email | Ecard pickup link will always include americangreetings.com as the start of the URL. In addition, we will never send you an EXE file. If your email contains a clickable URL that is an EXE file, do not click on it. | Ecard pickup link does not start with http://www.americangreetings.com, but instead shows a series of numbers (commonly referred to as an "IP Address"). Sometimes the IP address is hidden and can only be seen by hovering your cursor over the link or right-clicking on the link to view Properties. May or may not include a clickable URL that is an EXE file. |
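
The "From" and link rows of the table can also be checked mechanically, including the case where the visible link text shows americangreetings.com but the underlying address is numeric. The following Python sketch is an added example, not code from American Greetings; the function names, finding labels and sample messages are constructed for illustration, and it assumes the From header and HTML body have already been extracted from the message.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

SITE = "americangreetings.com"
LEGIT_FROM = ("Ecard from AmericanGreetings.com", "ecards@americangreetings.com")

class LinkCollector(HTMLParser):
    """Collect [href, visible text] for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_endtag(self, tag):
        if tag == "a":
            self._open = False
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data

def is_numeric_host(host):
    """True for digits-and-dots hosts (the "series of numbers") and IPv6 literals."""
    return host.replace(".", "").isdigit() or ":" in host

def check_ecard_email(from_header, html_body):
    """Return the checks from the table above that the message fails."""
    name, addr = parseaddr(from_header)
    findings = [] if (name, addr.lower()) == LEGIT_FROM else ["from-mismatch"]
    parser = LinkCollector()
    parser.feed(html_body)
    for href, text in parser.links:
        url = urlsplit(href)
        host = (url.hostname or "").lower()
        # Exact host or a subdomain; a look-alike such as SITE + ".example.net" fails.
        on_site = host == SITE or host.endswith("." + SITE)
        if not on_site:
            findings.append("ip-link" if is_numeric_host(host) else "off-site-link")
        if SITE in text.lower() and not on_site:
            findings.append("text-href-mismatch")  # what hovering would reveal
        if url.path.lower().endswith(".exe"):
            findings.append("exe-link")
    return findings

# Constructed samples (192.0.2.10 is a documentation address, not taken from the page).
LEGIT = ('"Ecard from AmericanGreetings.com" <ecards@americangreetings.com>',
         '<a href="http://www.americangreetings.com/ecards/view.pd">View your ecard</a>')
FAKE = ('"Greeting Cards" <cards@example.net>',
        '<a href="http://192.0.2.10/card.exe">http://www.americangreetings.com</a>')
```

Calling `check_ecard_email(*FAKE)` reports every failed check in order, while `check_ecard_email(*LEGIT)` returns an empty list. Subject lines are not checked because reminder emails use different subjects.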
Example of a legitimate AmericanGreetings.com email
(Note: we also have pickup reminder emails sent to the recipient at a future date that may have different copy, but same general attributes as outlined above).
From: Ecard from AmericanGreetings.com [mailto:ecards@americangreetings.com]
Sent: Thursday, August 16, 2007 9:47 AM
To: Jane Smith
Subject: John Smith has sent you an ecard from AmericanGreetings.com
John Smith (jsmith@hotmail.com) has sent you an ecard.
To view your ecard, choose from the options below.
Click on the following link:
http://www.americangreetings.com/ecards/view.pd?i=1234567&m=8859&rr=y&source=ag999
For your security, if you'd prefer not to click on links within this email:
- Type http://www.americangreetings.com/?source=ag999&rr=y into your web browser.
- Locate the ecard pickup link in the upper right-hand corner of the page.
- Enter the following code --> 91838498859
Please do not reply to this email. To help resolve your issue or question, go to: http://www.americangreetings.com/help/index.pd?source=ag999&rr=y
We have an extensive help center that may answer your questions, or you can choose to email us from there.
To read about email security, type http://www.americangreetings.com/emailprotection in your web browser to read more.
Thank you!
Your friends at AmericanGreetings.com
Example of an email NOT from AmericanGreetings.com
From:
To:
Subject: Love e-card
Mother(johnsmith@gmail.com) has created Love e-card for you at http://www.americangreetings.com.
To see your custom Love e-card, simply click on the following Internet address (if your mail program doesn't support this feature you will need to COPY and PASTE the address into your browser's address box):
http://76.171.234.133/?f478412572e8e41977cc650eb05623
Send a FREE greeting card from americangreetings.com whenever you want by visiting us at:
http://http://www.americangreetings.com/
This service is provided and hosted by AmericanGreetings.com.
What you can do to protect yourself from fraudulent ecard emails moving forward
If you feel that you have received a fraudulent ecard email claiming to be from AmericanGreetings.com, please submit your example to security@americangreetings.com to help in our investigations. Due to the magnitude of email to this inbox, you will not receive a response; however, you can be assured that your submission will help us continue to fight spam and phishing.
You can also file a complaint at the Internet Crime Complaint Center of the FBI.
Some additional recommendations to further protect you:
- Make sure to always use the latest version of your Internet browser, as they will check for potentially fraudulent websites when browsing the web.
- Save our known address to your safe senders list so that legitimate ecard messages are ensured to be delivered. This does not ensure that ecard scams do not get into your inbox, however.
- Please continue to be mindful of the above characteristics of our ecard emails versus the malicious emails and report any findings to security@americangreetings.com.